/**
 * Remove this extension's ACL tables from the database.
 *
 * This permanently deletes every table listed below, and with them all stored
 * ACL data. Nothing in this method checks who is calling it, so callers are
 * responsible for restricting access to it.
 *
 * Failures are written to the system log at WARNING level rather than thrown.
 *
 * @return bool TRUE if every DROP statement ran and the transaction was
 *              committed, FALSE otherwise
 */
public function uninstall() {

    // Nothing can be removed without a database connection
    try {
        $connection = Database::getConnection();
    }
    catch (Exception $connectError) {
        $reason = $connectError->getMessage();
        SystemLog::add('This extension requires a database. (' . $reason . ')', SystemLog::WARNING);
        return FALSE;
    }

    // Tables owned by this extension. The names are fixed literals, so the
    // concatenated DROP statements below carry no caller-supplied text.
    $aclTables = array('acl_repo', 'acl_role', 'acl_resource', 'acl_role_member', 'acl_type', 'acl_entry');

    // Drop the tables.
    // NOTE(review): on engines where DROP TABLE commits implicitly (MySQL
    // does), the rollback below cannot restore tables that were already
    // dropped - confirm against the backend in use.
    try {
        $connection->beginTransaction();
        for ($i = 0, $count = count($aclTables); $i < $count; $i++) {
            $dropped = ModelManager::sqlQuery('DROP TABLE IF EXISTS ' . $aclTables[$i]);
            if (!$dropped) {
                throw new PDOException('Invalid SQL');
            }
        }
        $connection->commit();
        return TRUE;
    }
    catch (PDOException $dropError) {
        SystemLog::add($dropError->getMessage(), SystemLog::WARNING);

        // A failed rollback is logged as well, but does not change the result
        try {
            $connection->rollBack();
        }
        catch (PDOException $rollbackError) {
            SystemLog::add($rollbackError->getMessage(), SystemLog::WARNING);
        }
    }

    // Reached only when dropping the tables failed
    return FALSE;
}
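/**
 * List the child resources of $resource on which this role holds all of the
 * given permissions.
 *
 * Security notes:
 * - The query is assembled by string concatenation, so every value placed in
 *   it is constrained first: IDs are cast to integers and permission names are
 *   reduced to the characters [a-z0-9_-*]. Permissions passed as an array were
 *   previously concatenated unfiltered.
 * - The role-ID test is grouped explicitly. The ungrouped "a OR b AND (...)"
 *   form applied the permission test to the last role ID only, so entries
 *   belonging to ancestor roles matched whatever they actually allowed.
 * - Each FIND_IN_SET() call in the "allow" branch now receives its column
 *   argument; with more than one permission the previous SQL was malformed.
 *
 * @param string|array $permissions Comma-separated permission names, or an array of names
 * @param string|object $resource Parent resource model, or the alias of one
 * @param mixed $resultFormat self::RETURN_OBJECTS or self::RETURN_IDS
 * @return array Matching child resources: model instances for a non-persistent
 *               $resource, otherwise integer IDs (RETURN_IDS) or row objects
 * @throws BuanException If the alias cannot be resolved or the query fails
 */
public function whichAllowed($permissions, $resource, $resultFormat = self::RETURN_OBJECTS) {

    // Load resource from a given alias
    if (is_string($resource)) {
        $alias = $resource;
        $resource = $this->loadResourceByAlias($alias);
        if (!$resource) {
            throw new BuanException("Could not find AclResource with an alias of '{$alias}'");
        }
    }

    // If $resource is not persistent, we have to test all in-memory child
    // resources and return as an array, ignoring $resultFormat.
    // TODO: Why ignore $resultFormat?
    if (!$resource->isInDatabase()) {
        $childResources = $resource->getRelatedModels('AclResource', ModelRelation::REF_PARENT);
        $allowed = array();
        foreach ($childResources as $child) {
            if ($this->isAllowed($permissions, $child)) {
                $allowed[] = $child;
            }
        }
        return $allowed;
    }

    // Get inheritable result first (uses $permissions exactly as the caller gave it)
    $inheritable = $this->isAllowed($permissions, $resource);

    // Convert $permissions to an array of names that are safe to embed in SQL.
    // Array input gets the same character whitelist as string input (minus the
    // comma separator), so a quote can never reach the query text.
    if (!is_array($permissions)) {
        $permissions = explode(",", preg_replace("/[^a-z0-9_\\-\\*,]/i", "", strtolower($permissions)));
    }
    else {
        foreach ($permissions as $key => $name) {
            $permissions[$key] = preg_replace("/[^a-z0-9_\\-\\*]/i", "", (string) $name);
        }
    }
    $permissions = array_unique($permissions);

    // Build list of AclRole IDs which affect this role, forced to integers
    // because they are concatenated into the query below.
    // TODO: Order may be significant when I get around to using it. ie. A
    // User is more significant, has more weight, than its parent group,
    // and so on up the hierarchy.
    $roleIds = array();
    foreach ($this->getAncestors() as $ancestor) {
        $roleIds[] = (int) $ancestor->id;
    }
    $roleIds[] = (int) $this->id;
    $roleIdList = implode(',', $roleIds);

    // TODO
    // The code below doesn't yet take into account any AclEntry models
    // that may just be in-memory, eg from:
    //   $role->load();
    //   $role->allow('view', 'resource');
    //   $role->whichAllowed();
    //
    // It only searches in the DB. Change to look through in-memory AclEntries
    // too.

    // Gather all allowable resources
    $resultFields = $resultFormat == self::RETURN_OBJECTS ? 'R.*' : 'R.id';
    $sql = 'SELECT ' . $resultFields
        . ' FROM acl_resource AS R LEFT JOIN acl_entry AS E ON R.id=E.acl_resource_id'
        . ' WHERE R.parent_id=' . (int) $resource->id
        . ' AND (';
    if ($inheritable) {
        // Allowed by inheritance: keep a child unless one of our roles denies it
        $sql .= 'E.acl_resource_id IS NULL'
            . ' OR E.acl_role_id NOT IN (' . $roleIdList . ')'
            . ' OR (E.pdeny<>"*" AND NOT FIND_IN_SET("'
            . implode('", pdeny) AND NOT FIND_IN_SET("', $permissions)
            . '", pdeny))';
    }
    else {
        // Not inherited: one of our roles must explicitly allow every permission
        $sql .= 'E.acl_role_id IN (' . $roleIdList . ')'
            . ' AND (E.pallow="*" OR (FIND_IN_SET("'
            . implode('", pallow) AND FIND_IN_SET("', $permissions)
            . '", pallow)))';
    }
    $sql .= ') GROUP BY R.id';

    // Fail with the exception type this method already raises, rather than
    // with a fatal error on a non-object, if the query could not be run
    $stmt = ModelManager::sqlQuery($sql);
    if (!$stmt) {
        throw new BuanException('Could not query allowed AclResource models');
    }

    $idList = array();
    while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
        $idList[] = $resultFormat == self::RETURN_IDS ? (int) $row->id : $row;
    }
    return $idList;
}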